BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
/in General NewsThe threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that’s designed to distribute malicious content.
“VexTrio is a group of malicious adtech companies that distribute scams and harmful software via
The Hacker News – Read More
How to delete your 23andMe data ASAP – and why you should
/in General NewsSince 23andMe filed for bankruptcy and a pharmaceutical company won the bid to acquire it, about 15% of its customers have requested their data be deleted. Here’s how you can, too.
Latest stories for ZDNET in Security – Read More
Social Media Is Now a DIY Alert System for ICE Raids
/in General NewsThe undocumented migrant community in the United States is using social networks and other digital platforms to send alerts about raids and the presence of immigration agents around the US.
Security Latest – Read More
Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
/in General NewsThe iPhone maker quietly updated a February security advisory to publicize a flaw that was used to hack at least two journalists in Europe.
Security News | TechCrunch – Read More
Belarusian hackers taunt Kaspersky over report detailing their attacks
/in General NewsA recent Kaspersky report offers a rare glimpse into the alleged arsenal of politically motivated hackers waging a digital war against authoritarian regimes in Russia and Belarus.
The Record from Recorded Future News – Read More
Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
/in General NewsCitizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.
The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.
SecurityWeek – Read More
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
/in General NewsCybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation guardrails with just a single character change.
“The TokenBreak attack targets a text classification model’s tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented
The Hacker News – Read More
The AI Arms Race: Deepfake Generation vs. Detection
/in General NewsAI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.
The post The AI Arms Race: Deepfake Generation vs. Detection appeared first on SecurityWeek.
SecurityWeek – Read More
The $200,000 Zoom call
/in General NewsA crypto CEO shared his screen. What happened next unraveled his digital life.
The Record from Recorded Future News – Read More
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
/in General NewsAI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention.
Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background.
And here’s
The Hacker News – Read More